The extent of the safety of OAuth token storage depends on how you plan on using the tokens.
Checking a user’s subscription to a channel only requires the oauth token while the client is performing a request, so the safest approach is, at login, to encrypt the oauth token (with AES, for example), and store it in the client’s cookies, then decrypt it when it is necessary.
This approach does not require user oauth tokens to be stored on the server (which is great if evil forces break into your database), and for checking if the user is logged in you can maintain session tokens, storing them in addition to the encrypted oauth tokens in the client’s cookies at login.
The downside to this approach is with it you cannot access oauth tokens of clients aside from the one performing the request, however.