Not able to create privatekey if only pincode is set on device?

Im trying to generate a privatekey that only is accessible when either pincode or current set of biometrics( that is already registered on device) is used. It works when i have a finger registered on device, then its all good. But if i delete my registered "touchid-finger", and try to generate a new key, then it returns nil

Errorcode is -25293

func generateKey() -> SecKey?{
  var error: Unmanaged?
  let accessControl = SecAccessControlCreateWithFlags(
  kCFAllocatorDefault,
  kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
  [.devicePasscode,.or,.biometryCurrentSet],
  nil)

  let attributes:[String : Any] = [kSecAttrType as String: kSecAttrKeyTypeRSA,
  kSecAttrKeySizeInBits as String:4096,
  kSecPrivateKeyAttrs as String: [
  kSecAttrIsPermanent:true,
  kSecAttrCanSign: true,
  kSecAttrApplicationTag: "yes.its.my.tag",
  kSecAttrAccessControl:accessControl!]]
  let privateKey = SecKeyCreateRandomKey(attributes as CFDictionary, &error)
  if(error != nil || privateKey == nil) {
       fatalError("explode Kittens")
  }
  return privateKey
}

Its actually works on simulators but not on real devices.
I do not want to use userPresence, since then one can add fingerprints and still be able to fetch the key.

Since its .OR , i would think it should be enough to have a pincode on device to generate key.
posted the question on stackoverflow also.. https://stackoverflow.com/questions/58445519/ios-not-able-to-create-privatekey-if-only-pincode-is-set-on-device