Custom PAM module and Oauth2 tokens

I have rootless Podman container (system: Alpine Linux) in Podman (master system: Alpine Linux). Container is able to work with xRDP (and sesman) so I am able to connect to it via local user (if defined). I would like to authorize user even if no account already defined on container system. I would like to write custom PAM module with checking external service data via OAuth2 or REST API requests. Unfortunately I am not able to get password user typed in xRDP login form. My current questions: - I have a plan to prepare sh script for this operation. Does it is possible in general? - I would like to keep xRDP login form so I don't have an access to web browser at time of login so external service cannot be activated before login form. I believe I can work with REST API of service also (but need token or user name - password pair). - Do I have any chance to get password from xrdp login dialog or really not due to PAM architecture? - Does PAM module is the only way here in Linux how to authorize+authenticate users for Alpine Linux (or in general for any Linux)? Thanks for help.