I have solved my issue by using mac authentication. The way I went around it, as there is no external page to configure using mac auth, is by tweaking the routers theme files to redirect to my own (whitelisted) landing page, which after whatever logic I need to have is completed, I will redirect back to the internal mac auth landing page (with a url parameter) so the user can continue and gain access to the hotspot.
This way I have the capabilities of limiting users based on simple rules inside the router's hotspot user groups.