The implicit grant type was intended to support single page apps (SPAs) that need a token, but also need user consent, without requiring the 3-legged authorization_code flow , featuring a redirect hop, in which the app exchanges an authorization code for a token. (cite). The 302 was an required part of the implicit response.  In the original OAuth2.0 specification, aka IETF RFC 6749, states this clearly, specifically in section 4.2.2: 

Therefore, in response to your question, "Can't I just get an implicit access token with HTTP 200 in return to a POST request to APIGEE without HTTP 302?" , the answer is no.  If you use implicit grant, then you get a 302 response. And further, the token is in the URL, not in the response body (aFAIK there is no response body in a 302).  That is by definition. 

But take note, I used the past tense when describing the intent behind the implicit grant. As of January 2020 at the latest, the OAuth2.0 standards group began recommending against using the implicit grant type, because of the risk of credential and token leakage. If you read the original spec, RFC6749, the authors even raised the concern about security issues then.  Later, the experts changed their minds, and rather than just "warn" people about the security issues, they advise directly against using implicit grant.  See the latest detailed best practices document here.  Now, the experts on the OAuth2.0 working group say that you should use authorization_code grant type for your SPAs that need user consent, and you should also use PKCE with that.  I concur, and encourage everyone to avoid the use of the implicit grant type, whether you are using Apigee or not. 

If you do not need the user-consent that is inherent in the authorization_code flow, and you just want to get a token that authorizes the app itself, then use client_credentials. For that you can get a response body payload with the token embedded within it.

Does the Nittany in your name refer to Penn State?