oAuth Access Token retries

I’m trying to take the php auth example given in the documentation but I’m trying to figure out a way of being able to validate that the client has a oAuth access token prior to installation. The only way I know I can do that is using the merchant ID. Should I store the merchant ID in a cookie during the first app installation and then retrieve it each time the client tries to access my application? Thanks