diff --git a/google/oauth2/_client.py b/google/oauth2/_client.py
index c2eb6443f..428993646 100644
--- a/google/oauth2/_client.py
+++ b/google/oauth2/_client.py
@@ -90,6 +90,11 @@ def _can_retry(status_code, response_data):
 error_desc = response_data.get("error_description") or ""
 error_code = response_data.get("error") or ""
+ if not isinstance(error_code, six.string_types) or not isinstance(
+ error_desc, six.string_types
+ ):
+ return False
+
 # Per Oauth 2.0 RFC https://www.rfc-editor.org/rfc/rfc6749.html#section-4.1.2.1
 # This is needed because a redirect will not return a 500 status code.
 retryable_error_descriptions = {
diff --git a/samples/cloud-client/snippets/verify_google_idtoken.py b/samples/cloud-client/snippets/verify_google_idtoken.py
index 4d2216efd..35b88c99e 100644
--- a/samples/cloud-client/snippets/verify_google_idtoken.py
+++ b/samples/cloud-client/snippets/verify_google_idtoken.py
@@ -48,7 +48,7 @@ def verify_google_idtoken(idtoken: str, audience="iap.googleapis.com",
 request = google.auth.transport.requests.Request()
 # Set the parameters and verify the token.
 # Setting "certs_url" is optional. When verifying a Google ID token, this is set by default.
- result = id_token.verify_token(idtoken, request, audience)
+ result = id_token.verify_token(idtoken, request, audience, clock_skew_in_seconds=10)
 # Verify that the token contains subject and email claims.
 # Get the User id.
diff --git a/system_tests/secrets.tar.enc b/system_tests/secrets.tar.enc
index e7037d4e3..522223f61 100644
Binary files a/system_tests/secrets.tar.enc and b/system_tests/secrets.tar.enc differ
diff --git a/tests/oauth2/test__client.py b/tests/oauth2/test__client.py
index b322eefed..ff3096057 100644
--- a/tests/oauth2/test__client.py
+++ b/tests/oauth2/test__client.py
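Review bot: The new `isinstance` guard in `_can_retry` carries no comment saying why non-string values are rejected, and the reason is security-relevant: `error` and `error_description` come from the token endpoint's response body, so their type is not guaranteed. Judging by the test cases added in this commit (a dict and a set), the concern appears to be unhashable values reaching the lookup against `retryable_error_descriptions`, though that lookup lies outside the hunk. I would add above the check: `# Response fields are server-controlled; a non-string value cannot name a retryable error, so do not retry.` Note also that `or ""` turns falsy non-strings such as `0` or `[]` into an empty string before the check, which looks harmless here but means the guard never sees them. The function body starts and ends outside the hunk, so whether `six` is imported in this module cannot be confirmed from here.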
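Review bot: `clock_skew_in_seconds=10` on the `verify_token` call is an unexplained literal in a sample that readers are likely to copy into their own services. A skew tolerance loosens the checks on the token's time claims, so it presumably also lengthens the window in which an already expired token is still accepted; the sample should say so and advise keeping the value small. Suggested comment above the call: `# Tolerate a few seconds of clock drift between this host and the issuer; keep this small, since it also extends acceptance of expired tokens.` The signature of `verify_google_idtoken` and the rest of its body lie outside the hunk.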
@@ -94,7 +94,14 @@ def test__can_retry_message(response_data):
 assert _client._can_retry(http_client.OK, response_data)
-@pytest.mark.parametrize("response_data", [{"error": "invalid_scope"}])
+@pytest.mark.parametrize(
+ "response_data",
+ [
+ {"error": "invalid_scope"},
+ {"error": {"foo": "bar"}},
+ {"error_description": {"foo", "bar"}},
+ ],
+)
 def test__can_retry_no_retry_message(response_data):
 assert not _client._can_retry(http_client.OK, response_data)
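Review bot: The third added case, `{"error_description": {"foo", "bar"}}`, passes a set literal, which a decoded JSON response body can never contain; a list or dict value would model what the token endpoint can actually send. I would change it to `{"error_description": ["foo", "bar"]}` so the test exercises the array shape as well as the object shape already covered by `{"error": {"foo": "bar"}}`. The cases also leave one behaviour unpinned: a response where one field is a retryable string and the other is a non-string, which the new guard in `_can_retry` turns into "do not retry". Adding that case would make the choice explicit for anyone who later relaxes the guard.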