Am I supposed to have my getRequestToken endpoint store them somewhere once they're retrieved?
Yes. :-)
Does that answer the question? Yes, you need to temporarily store the request token somewhere while you wait for the user to arrive back on your site.