Update README.md
AlexandraC0 committed Sep 12, 2023
1 parent 3fd1796 commit 8206b6e
Showing 1 changed file with 6 additions and 3 deletions.
Expand Up @@ -7,9 +7,12 @@ owasp: 'API4:2023'
authors: ['escape']
---

This lesson is about properly setting up object property level authorization in GraphQL with Apollo. The server code is given, with authentication developed following [Apollo's recommandations](https://www.apollographql.com/docs/apollo-server/security/authentication/). Our goal is to protect sensitive data from leaking to unauthorized users.
This lesson is about [properly setting up](https://escape.tech/blog/authentication-authorization-access-control/#access-control-best-practices-to-secure-your-graphql-api) Object Property Level Authorization in GraphQL with Apollo. The server code is given, with authentication developed following [Apollo's recommendations](https://www.apollographql.com/docs/apollo-server/security/authentication/). Our goal is to protect sensitive data from leaking to unauthorized users.



The GraphQL server of this lesson has the same structure as [Broken Object-Level Authorization](https://escape.tech/academy/broken-object-level-authorization). The data it severs is a list of users, with various details about them. Let's take a look at the data served by starting the server:

The GraphQL server of this lesson has the same structure as _Broken Object-Level Authorization_. The data it severs is a list of users, with various details about them. Let's take a look at the data served by starting the server:

- Open a new terminal.
- Run `npm install` to install the dependencies.
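Review bot: the rewritten "The GraphQL server of this lesson has the same structure as ..." line still carries the typo "severs" for "serves" ("The data it severs is a list of users"); since this hunk already replaces that line, correct it here rather than in a follow-up. The replacement also surrounds that paragraph with runs of three blank lines, whereas the rest of this file (see the lines around "Our goal is to protect sensitive data") separates paragraphs with a single blank line; trim them to one for consistency.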
Expand All @@ -26,7 +29,7 @@ query {
}
```

Running this query allows you to see the list of users and their locations. Because `location` is a sensitive data we want to protect, we want to make sure that only the user themselves can see it.
Running this query allows you to see the list of users and their locations. Because `location` is sensitive data we want to protect, we want to make sure that only the user themselves can see it.

```graphql
# This should work
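Review bot: the grammar fix from "is a sensitive data" to "is sensitive data" is correct, but the sentence still says "we want" twice ("sensitive data we want to protect, we want to make sure"); a tighter form is "Because `location` is sensitive, we want to make sure that only the user themselves can see it."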
